Skip to main content

API Keys

API Keys let external applications or integrations connect to your MyBooks business programmatically, without a user logging in through the browser. If a developer or integration partner needs to connect a system to your MyBooks data, you generate a key here and hand it to them — you don't need to share your login credentials.


About API Keys

  • An API key allows an external application to access your account's data through the MyBooks API.
  • Keep your API keys secure and never share them publicly (in code repositories, chat messages, screenshots, etc.).
  • You can disable or delete a key at any time if it's no longer needed or you suspect it's been compromised.
  • Each key is assigned a role that controls what it's allowed to do.

Generating a New API Key

  1. Go to Settings > API Keys.
  2. Click Generate New API Key.
  3. Enter a Key Name — use something descriptive so you can identify what the key is for later (e.g. "Zapier integration" or "Warehouse system").
  4. Choose a Role:
    • Admin — full access, equivalent to an administrator.
    • Read Only — the integration can read data but cannot make changes.
  5. Click Create API Key.

The key is shown only once, immediately after creation. Copy it right away using the Copy button and store it somewhere secure — MyBooks does not display the full key again afterward. If you lose it, you'll need to delete the key and generate a new one.


Managing Existing Keys

From the Your API Keys list you can, for each key:

  • Show/Hide the key value (click the eye icon).
  • Copy the key to your clipboard.
  • Edit the key's name (click the pencil/edit icon next to the name).
  • Enable or disable the key using the pause/play button — a disabled key stops working immediately but stays on the list so you can re-enable it later.
  • Delete the key permanently — this cannot be undone, and any integration still using that key will stop working right away.

The list also shows each key's role, status (Active/Disabled), when it was created, and when it was last used, which is a useful way to spot keys that are no longer in use.


Security Best Practices

  • Store API keys securely (e.g. in your integration platform's secret/environment variable storage), never in plain text or shared documents.
  • Use a separate key for each application or environment, rather than reusing one key everywhere.
  • Rotate your keys periodically by creating a new one and deleting the old one.
  • Regularly review the key list and disable or delete any keys you no longer recognize or use.
  • Prefer the Read Only role for integrations that only need to pull data (e.g. reporting or dashboard tools), and reserve Admin keys for integrations that genuinely need to create or modify records.